My norton reported me that a Win32/BaiduSP Rootkit was trying to modify my web browser. And after that, my firefox kept redirecting me to some unknown web sites. However, my norton can’t remove it I don’t know why. Is there any thing I can do to remove it from my local disk? Will this virus cause other problems to my computer? I’m afraid that I need to find someone to help me?

What is Win32/BaiduSP Rootkit?

Win32/BaiduSP is another secluded rootkit that intrude into users’ PCs to modify the web browsers. The hackers who created this virus want to use this rootkit to promote some programs or some products by violence. That is to say, they use this rootkit to modify your web browser so that no matter you open what web sites, it will always pop up other web sites that you don’t want. Or, your homepage and some other settings such as bookmarks will be completely changed. And this Win32/BaiduSP virus uses some improper means to damage some processes or files of web browser so that you can’t do what you do in usual and the hackers can carry their point.

Win32/BaiduSP Rootkit can easily escape from your anti-virus scanning and access your computer. It can lurk in anywhere in the Internet. For example, it may be attached on some legitimate files such as video or sound files. If you don’t know what you download, you are very likely to download this browser hijack virus as well. On another occasion, when you install some programs into your computer, if you are careless, you may also installed this redirect virus because the virus may be attached with this program. Browser hijack virus is dangerous because it can bring in much more other viruses such as Trojan virus or scam virus. So remove Win32/BaiduSP asap!

Win32/BaiduSP is a tinny program that will run secretly under some operating system folders.  It’s created to modify the web browser in your computer. The rootkit has its own features. The very obvious one is that it can’t be easily  removed by anti-virus. Many users found that even if they ran several kinds of anti-viruses at the same time, the virus can still survive. In usual, those stubborn Trojan virus always disguise as some operating system files so that anti-virus can’t scan them out from huge amount of files. They will be always given the same names as the operating system files.

Tips: For safety and convenience, you can contact PC online professional services for help, YooCare is such one that can easily make you at ease:

The Potential Risk of Win32/BaiduSP Virus

A. Your computer is something not normal as usual such as running very slowly.

B. When you open your web browser, you are always redirected to some other malicious web sites.

C. Some of your computer functions are unavailable or some normal legal program can’t run or there are unusual conditions of them.

D. It always constantly happens that your system has errors somewhere.

E. You can’t use your web browser freely once you get this virus.

Manually Rmove Win32/BaiduSP With Sub-steps

Please follow these steps to get rid of Win32/BaiduSP virus manually:
Step 1: Press CTRL+ALT+DEL or CTRL+SHIFT+ESC. Open the Windows Task Manager.
If that didn’t work, try another way. Press the Start button and click on the Run option. This will start the Run tool. Type in taskmgr and press OK. This should start the Windows Task Manager

Step 2: Within the Windows Task Manager click on the Processes tab. Find the process by name. random.exe. Then scroll the list to find required process. Select it with your mouse or keyboard and click on the End Process button. This will kill the process.

Step 3: Delete malicious registry entries.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\random
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\random

Step 4: Remove malicious files of Win32/BaiduSP virus

C:\windows\system32\services.exe
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\FVL\Settings\random
C:\Program Files\Search Results Toolbar\Datamngr\TARDLL~1\random

Video of Key Steps on How to Modify or Change Registry to Completely Clean Malware:

Possibly, you may still can’t remove Win32/BaiduSP rootikit virus after you tried many steps because the files of the cunning virus would be changed every time. Even the names of the virus would be named randomly. Please be careful when you try to fix Win32/BaiduSP problem yourself. It’s not so easy for one person who is not familiar with the virus and not well trained in IT filed. If you don’t have much knowledge of Windows operating system, you almost can’t find it out from so large amounts of system files. And you’d better don’t try so called free software to get rid of this Trojan since the virus is well disguised that anti-virus may delete some system files erroneously. What’s more so called free software may be another cheater. You’d better to find an expert to help you remove this Trojan.

Kindly Reminder: If you failed to remove Win32/BaiduSP with the methods you found from the internet, please consult YooSecurity certified professionals to remove it completely.

Published by Leo R. Oscar & last updated on July 3, 2013 5:02 am

Leave a Reply